<!DOCTYPE HTML>
<html>

<head>
	<link rel="bookmark"  type="image/x-icon"  href="/img/logo_miccall.png"/>
	<link rel="shortcut icon" href="/img/logo_miccall.png">
	
			    <title>
    Ame雨
    </title>
    <meta charset="utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no" />
    <link rel="stylesheet" href="/amelin-ting/css/mic_main.css" />
    <link rel="stylesheet" href="/amelin-ting/css/dropdownMenu.css" />
    <meta name="keywords" content="Ame雨" />
    
    	<script async src="//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script>
	 
    <noscript>
        <link rel="stylesheet" href="/amelin-ting/css/noscript.css" />
    </noscript>
    <style type="text/css">
        body:before {
          content: ' ';
          position: fixed;
          top: 0;
          background: url('/amelin-ting/img/bg.jpg') center 0 no-repeat;
          right: 0;
          bottom: 0;
          left: 0;
          background-size: cover; 
        }
    </style>

			    
  
    <script type="text/x-mathjax-config">
      MathJax.Hub.Config({
        tex2jax: {
          inlineMath: [ ['$','$'], ["\\(","\\)"]  ],
          processEscapes: true,
          skipTags: ['script', 'noscript', 'style', 'textarea', 'pre', 'code']
        }
      });
    </script>

    <script type="text/x-mathjax-config">
      MathJax.Hub.Queue(function() {
        var all = MathJax.Hub.getAllJax(), i;
        for (i=0; i < all.length; i += 1) {
          all[i].SourceElement().parentNode.className += ' has-jax';
        }
      });
    </script>
    <script async type="text/javascript" src="//cdn.bootcss.com/mathjax/2.7.1/latest.js?config=TeX-AMS-MML_HTMLorMML"></script>
  


    <script src="/amelin-ting/js/jquery.min.js"></script>
    <script src="/amelin-ting/js/jquery.scrollex.min.js"></script>
    <script src="/amelin-ting/js/jquery.scrolly.min.js"></script>
    <script src="/amelin-ting/js/skel.min.js"></script>
    <script src="/amelin-ting/js/util.js"></script>
    <script src="/amelin-ting/js/main.js"></script>
	
<meta name="generator" content="Hexo 5.4.0"></head>
    
		
<!-- Layouts -->



<!--  代码渲染  -->
<link rel="stylesheet" href="/css/prism_coy.css" />
<link rel="stylesheet" href="/css/typo.css" />
<!-- 文章页 -->
<body class="is-loading">
    <!-- Wrapper 外包 s-->
    <div id="wrapper" class="fade-in">
        <!-- Intro 头部显示 s -->
        <!-- Intro 头部显示 e -->
        <!-- Header 头部logo start -->
        <header id="header">
    <a href="/amelin-ting/" class="logo">Art Space</a>
</header>
        <!-- Nav 导航条 start -->
        <nav id="nav" class="special" >
            <ul class="menu links" >
			<!-- Homepage  主页  --> 
			<li >
	            <a href="/amelin-ting/" rel="nofollow">主页</a>
	        </li>
			<!-- categories_name  分类   --> 
	        
	        <li class="active">
	            <a href="#s1">分类</a>
	                    <ul class="submenu">
	                        <li>
	                        <a class="category-link" href="/amelin-ting/categories/Go/">Go</a></li><li><a class="category-link" href="/amelin-ting/categories/django/">django</a></li><li><a class="category-link" href="/amelin-ting/categories/drf/">drf</a></li><li><a class="category-link" href="/amelin-ting/categories/gin/">gin</a></li><li><a class="category-link" href="/amelin-ting/categories/go/">go</a></li><li><a class="category-link" href="/amelin-ting/categories/linux/">linux</a></li><li><a class="category-link" href="/amelin-ting/categories/mysql/">mysql</a></li><li><a class="category-link" href="/amelin-ting/categories/python/">python</a></li><li><a class="category-link" href="/amelin-ting/categories/%E5%86%85%E7%BD%91%E7%A9%BF%E9%80%8F/">内网穿透</a></li><li><a class="category-link" href="/amelin-ting/categories/%E5%89%8D%E7%AB%AF/">前端</a>
	                    </ul>
	        </li>
	        
	        <!-- archives  归档   --> 
	        
	        
		        <!-- Pages 自定义   -->
		        
		        <li>
		            <a href="/about/" title="简历">
		                简历
		            </a>
		        </li>
		        
		        <li>
		            <a href="/group/" title="团队">
		                团队
		            </a>
		        </li>
		        
		        <li>
		            <a href="/gallery/" title="图库">
		                图库
		            </a>
		        </li>
		        
		        <li>
		            <a href="/tag/" title="标签">
		                标签
		            </a>
		        </li>
		        


            </ul>
            <!-- icons 图标   -->
			<ul class="icons">
                    
                    <li>
                        <a title="github" href="https://github.com/miccall" target="_blank" rel="noopener">
                            <i class="icon fa fa-github"></i>
                        </a>
                    </li>
                    
                    <li>
                        <a title="500px" href="http://500px.com" target="_blank" rel="noopener">
                            <i class="icon fa fa-500px"></i>
                        </a>
                    </li>
                    
			</ul>
</nav>

        <div id="main" >
            <div class ="post_page_title_img" style="height: 25rem;background-image: url(https://img0.baidu.com/it/u=2347302410,958417368&amp;fm=26&amp;fmt=auto);background-position: center; background-repeat:no-repeat; background-size:cover;-moz-background-size:cover;overflow:hidden;" >
                <a href="#" style="padding: 4rem 4rem 2rem 4rem ;"><h2 >django中间件</h2></a>
            </div>
            <!-- Post -->
            <div class="typo" style="padding: 3rem;">
                <h2 id="一、Django中间件前戏"><a href="#一、Django中间件前戏" class="headerlink" title="一、Django中间件前戏"></a>一、Django中间件前戏</h2><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br></pre></td><td class="code"><pre><span class="line"><span class="string">&quot;&quot;&quot;</span></span><br><span class="line"><span class="string">django中间件是django的门户</span></span><br><span class="line"><span class="string">1.请求来的时候需要先经过中间件才能到达真正的django后端</span></span><br><span class="line"><span class="string">2.响应走的时候最后也需要经过中间件才能发送出去</span></span><br><span class="line"><span class="string"></span></span><br><span class="line"><span class="string">django自带七个中间件</span></span><br><span class="line"><span class="string">&quot;&quot;&quot;</span></span><br><span class="line"><span class="number">1.</span> django请求生命周期流程图</span><br><span class="line"></span><br><span class="line"><span class="number">2.</span> 研究django中间件代码规律</span><br><span class="line"></span><br><span class="line">    MIDDLEWARE = [</span><br><span class="line">        <span class="string">&#x27;django.middleware.security.SecurityMiddleware&#x27;</span>,</span><br><span class="line">        <span class="string">&#x27;django.contrib.sessions.middleware.SessionMiddleware&#x27;</span>,</span><br><span class="line">        <span class="string">&#x27;django.middleware.common.CommonMiddleware&#x27;</span>,</span><br><span class="line">        <span class="string">&#x27;django.middleware.csrf.CsrfViewMiddleware&#x27;</span>,</span><br><span class="line">        <span class="string">&#x27;django.contrib.auth.middleware.AuthenticationMiddleware&#x27;</span>,</span><br><span class="line">        <span class="string">&#x27;django.contrib.messages.middleware.MessageMiddleware&#x27;</span>,</span><br><span class="line">        <span class="string">&#x27;django.middleware.clickjacking.XFrameOptionsMiddleware&#x27;</span>,</span><br><span class="line">    ]</span><br><span class="line"></span><br><span class="line">    <span class="class"><span class="keyword">class</span> <span class="title">SessionMiddleware</span>(<span class="params">MiddlewareMixin</span>):</span></span><br><span class="line">        <span class="function"><span class="keyword">def</span> <span class="title">process_request</span>(<span class="params">self, request</span>):</span></span><br><span class="line">            session_key = request.COOKIES.get(settings.SESSION_COOKIE_NAME)</span><br><span class="line">            request.session = self.SessionStore(session_key)</span><br><span class="line">        <span class="function"><span class="keyword">def</span> <span class="title">process_response</span>(<span class="params">self, request, response</span>):</span></span><br><span class="line">            <span class="keyword">return</span> response</span><br><span class="line"></span><br><span class="line">    <span class="class"><span class="keyword">class</span> <span class="title">CsrfViewMiddleware</span>(<span class="params">MiddlewareMixin</span>):</span></span><br><span class="line">        <span class="function"><span class="keyword">def</span> <span class="title">process_request</span>(<span class="params">self, request</span>):</span></span><br><span class="line">            csrf_token = self._get_token(request)</span><br><span class="line">            <span class="keyword">if</span> csrf_token <span class="keyword">is</span> <span class="keyword">not</span> <span class="literal">None</span>:</span><br><span class="line">                <span class="comment"># Use same token next time.</span></span><br><span class="line">                request.META[<span class="string">&#x27;CSRF_COOKIE&#x27;</span>] = csrf_token</span><br><span class="line">        <span class="function"><span class="keyword">def</span> <span class="title">process_view</span>(<span class="params">self, request, callback, callback_args, callback_kwargs</span>):</span></span><br><span class="line">            <span class="keyword">return</span> self._accept(request)</span><br><span class="line"></span><br><span class="line">        <span class="function"><span class="keyword">def</span> <span class="title">process_response</span>(<span class="params">self, request, response</span>):</span></span><br><span class="line">            <span class="keyword">return</span> response</span><br><span class="line"></span><br><span class="line">    <span class="class"><span class="keyword">class</span> <span class="title">AuthenticationMiddleware</span>(<span class="params">MiddlewareMixin</span>):</span></span><br><span class="line">        <span class="function"><span class="keyword">def</span> <span class="title">process_request</span>(<span class="params">self, request</span>):</span></span><br><span class="line">            request.user = SimpleLazyObject(<span class="keyword">lambda</span>: get_user(request))</span><br><span class="line">    <span class="string">&quot;&quot;&quot;</span></span><br><span class="line"><span class="string">    django支持程序员自定义中间件并且暴露给程序员五个可以自定义的方法</span></span><br><span class="line"><span class="string">        1.必须掌握</span></span><br><span class="line"><span class="string">            process_request</span></span><br><span class="line"><span class="string"></span></span><br><span class="line"><span class="string">            process_response</span></span><br><span class="line"><span class="string">        2.了解即可</span></span><br><span class="line"><span class="string">            process_view</span></span><br><span class="line"><span class="string"></span></span><br><span class="line"><span class="string">            process_template_response</span></span><br><span class="line"><span class="string"></span></span><br><span class="line"><span class="string">            process_exception</span></span><br><span class="line"><span class="string">    &quot;&quot;&quot;</span></span><br></pre></td></tr></table></figure>

<h2 id="二、Django中间件必须掌握的方法"><a href="#二、Django中间件必须掌握的方法" class="headerlink" title="二、Django中间件必须掌握的方法"></a>二、Django中间件必须掌握的方法</h2><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br></pre></td><td class="code"><pre><span class="line"><span class="string">&quot;&quot;&quot;</span></span><br><span class="line"><span class="string">1.在项目名或者应用名下创建一个任意名称的文件夹</span></span><br><span class="line"><span class="string">2.在该文件夹内创建一个任意名称的py文件</span></span><br><span class="line"><span class="string">3.在该py文件内需要书写类(这个类必须继承MiddlewareMixin)</span></span><br><span class="line"><span class="string">	然后在这个类里面就可以自定义五个方法了</span></span><br><span class="line"><span class="string">	(这五个方法并不是全部都需要书写，用几个写几个)</span></span><br><span class="line"><span class="string">4.需要将类的路径以字符串的形式注册到配置文件中才能生效</span></span><br><span class="line"><span class="string">MIDDLEWARE = [</span></span><br><span class="line"><span class="string">    &#x27;django.middleware.security.SecurityMiddleware&#x27;,</span></span><br><span class="line"><span class="string">    &#x27;django.contrib.sessions.middleware.SessionMiddleware&#x27;,</span></span><br><span class="line"><span class="string">    &#x27;django.middleware.common.CommonMiddleware&#x27;,</span></span><br><span class="line"><span class="string">    &#x27;django.middleware.csrf.CsrfViewMiddleware&#x27;,</span></span><br><span class="line"><span class="string">    &#x27;django.contrib.auth.middleware.AuthenticationMiddleware&#x27;,</span></span><br><span class="line"><span class="string">    &#x27;django.contrib.messages.middleware.MessageMiddleware&#x27;,</span></span><br><span class="line"><span class="string">    &#x27;django.middleware.clickjacking.XFrameOptionsMiddleware&#x27;,</span></span><br><span class="line"><span class="string">    &#x27;你自己写的中间件的路径1&#x27;,</span></span><br><span class="line"><span class="string">    &#x27;你自己写的中间件的路径2&#x27;,</span></span><br><span class="line"><span class="string">    &#x27;你自己写的中间件的路径3&#x27;,</span></span><br><span class="line"><span class="string">]</span></span><br><span class="line"><span class="string"></span></span><br><span class="line"><span class="string">&quot;&quot;&quot;</span></span><br><span class="line"><span class="string">&quot;&quot;&quot;</span></span><br><span class="line"><span class="string">1.必须掌握</span></span><br><span class="line"><span class="string">		process_request </span></span><br><span class="line"><span class="string">			1.请求来的时候需要经过每一个中间件里面的process_request方法</span></span><br><span class="line"><span class="string">			结果的顺序是按照配置文件中注册的中间件从上往下的顺序依次执行</span></span><br><span class="line"><span class="string">			2.如果中间件里面没有定义该方法，那么直接跳过执行下一个中间件</span></span><br><span class="line"><span class="string">			3.如果该方法返回了HttpResponse对象，那么请求将不再继续往后执行</span></span><br><span class="line"><span class="string">			而是直接原路返回(校验失败不允许访问...)</span></span><br><span class="line"><span class="string">			process_request方法就是用来做全局相关的所有限制功能</span></span><br><span class="line"><span class="string">			</span></span><br><span class="line"><span class="string">		process_response</span></span><br><span class="line"><span class="string">			1.响应走的时候需要结果每一个中间件里面的process_response方法</span></span><br><span class="line"><span class="string">			该方法有两个额外的参数request,response</span></span><br><span class="line"><span class="string">			2.该方法必须返回一个HttpResponse对象</span></span><br><span class="line"><span class="string">				1.默认返回的就是形参response</span></span><br><span class="line"><span class="string">				2.你也可以自己返回自己的</span></span><br><span class="line"><span class="string">			3.顺序是按照配置文件中注册了的中间件从下往上依次经过</span></span><br><span class="line"><span class="string">				如果你没有定义的话 直接跳过执行下一个</span></span><br><span class="line"><span class="string">		</span></span><br><span class="line"><span class="string">		研究如果在第一个process_request方法就已经返回了HttpResponse对象，那么响应走的时候是经过所有的中间件里面的process_response还是有其他情况</span></span><br><span class="line"><span class="string">		是其他情况</span></span><br><span class="line"><span class="string">			就是会直接走同级别的process_reponse返回</span></span><br><span class="line"><span class="string">		</span></span><br><span class="line"><span class="string">		flask框架也有一个中间件但是它的规律</span></span><br><span class="line"><span class="string">			只要返回数据了就必须经过所有中间件里面的类似于process_reponse方法</span></span><br><span class="line"><span class="string">			</span></span><br><span class="line"><span class="string">			</span></span><br><span class="line"><span class="string">2.了解即可</span></span><br><span class="line"><span class="string">		process_view</span></span><br><span class="line"><span class="string">			路由匹配成功之后执行视图函数之前，会自动执行中间件里面的该放法</span></span><br><span class="line"><span class="string">			顺序是按照配置文件中注册的中间件从上往下的顺序依次执行</span></span><br><span class="line"><span class="string">			</span></span><br><span class="line"><span class="string">		process_template_response</span></span><br><span class="line"><span class="string">			返回的HttpResponse对象有render属性的时候才会触发</span></span><br><span class="line"><span class="string">			顺序是按照配置文件中注册了的中间件从下往上依次经过</span></span><br><span class="line"><span class="string">			</span></span><br><span class="line"><span class="string">		process_exception</span></span><br><span class="line"><span class="string">			当视图函数中出现异常的情况下触发</span></span><br><span class="line"><span class="string">			顺序是按照配置文件中注册了的中间件从下往上依次经过</span></span><br><span class="line"><span class="string">&quot;&quot;&quot;</span></span><br><span class="line">	</span><br></pre></td></tr></table></figure>

<h2 id="三、csrf跨站请求伪造"><a href="#三、csrf跨站请求伪造" class="headerlink" title="三、csrf跨站请求伪造"></a>三、csrf跨站请求伪造</h2><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br></pre></td><td class="code"><pre><span class="line"><span class="number">1.</span> 什么是钓鱼网站	</span><br><span class="line">    <span class="number">1.1</span> 钓鱼网站</span><br><span class="line">            我搭建一个跟正规网站一模一样的界面(中国银行)</span><br><span class="line">            用户不小心进入到了我们的网站，用户给某个人打钱</span><br><span class="line">            打钱的操作确确实实是提交给了中国银行的系统，用户的钱也确确实实减少了</span><br><span class="line">            但是唯一不同的时候打钱的账户不适用户想要打的账户变成了一个莫名其妙的账户</span><br><span class="line"></span><br><span class="line">    <span class="number">1.2</span> 内部本质</span><br><span class="line">            我们在钓鱼网站的页面 针对对方账户 只给用户提供一个没有name属性的普通<span class="built_in">input</span>框</span><br><span class="line">            然后我们在内部隐藏一个已经写好name和value的<span class="built_in">input</span>框</span><br><span class="line"></span><br><span class="line"><span class="number">2.</span>如何规避上述问题</span><br><span class="line">	csrf跨站请求伪造校验</span><br><span class="line">		网站在给用户返回一个具有提交数据功能页面的时候会给这个页面加一个唯一标识</span><br><span class="line">		当这个页面朝后端发送post请求的时候 我的后端会先校验唯一标识，如果唯一标识不对直接拒绝(<span class="number">403</span> forbbiden)如果成功则正常执行	</span><br><span class="line"></span><br></pre></td></tr></table></figure>

<h2 id="四、csrf校验"><a href="#四、csrf校验" class="headerlink" title="四、csrf校验"></a>四、csrf校验</h2><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br></pre></td><td class="code"><pre><span class="line"><span class="number">1.</span>form&amp;Ajax校验</span><br><span class="line">    <span class="comment"># form表单如何符合校验</span></span><br><span class="line">    &lt;form action=<span class="string">&quot;&quot;</span> method=<span class="string">&quot;post&quot;</span>&gt;</span><br><span class="line">        &#123;% csrf_token %&#125;</span><br><span class="line">        &lt;p&gt;username:&lt;<span class="built_in">input</span> <span class="built_in">type</span>=<span class="string">&quot;text&quot;</span> name=<span class="string">&quot;username&quot;</span>&gt;&lt;/p&gt;</span><br><span class="line">        &lt;p&gt;target_user:&lt;<span class="built_in">input</span> <span class="built_in">type</span>=<span class="string">&quot;text&quot;</span> name=<span class="string">&quot;target_user&quot;</span>&gt;&lt;/p&gt;</span><br><span class="line">        &lt;p&gt;money:&lt;<span class="built_in">input</span> <span class="built_in">type</span>=<span class="string">&quot;text&quot;</span> name=<span class="string">&quot;money&quot;</span>&gt;&lt;/p&gt;</span><br><span class="line">        &lt;<span class="built_in">input</span> <span class="built_in">type</span>=<span class="string">&quot;submit&quot;</span>&gt;</span><br><span class="line">    &lt;/form&gt;</span><br><span class="line"></span><br><span class="line">    <span class="comment"># ajax如何符合校验</span></span><br><span class="line">    // 第一种 利用标签查找获取页面上的随机字符串</span><br><span class="line">    &#123;<span class="comment">#data:&#123;&quot;username&quot;:&#x27;jason&#x27;,&#x27;csrfmiddlewaretoken&#x27;:$(&#x27;[name=csrfmiddlewaretoken]&#x27;).val()&#125;,#&#125;</span></span><br><span class="line">    // 第二种 利用模版语法提供的快捷书写</span><br><span class="line">    &#123;<span class="comment">#data:&#123;&quot;username&quot;:&#x27;jason&#x27;,&#x27;csrfmiddlewaretoken&#x27;:&#x27;&#123;&#123; csrf_token &#125;&#125;&#x27;&#125;,#&#125;</span></span><br><span class="line">    // 第三种 通用方式直接拷贝js代码并应用到自己的html页面上即可</span><br><span class="line">    data:&#123;<span class="string">&quot;username&quot;</span>:<span class="string">&#x27;jason&#x27;</span>&#125;</span><br><span class="line"><span class="number">2.j</span>s代码</span><br><span class="line">    function getCookie(name) &#123;</span><br><span class="line">        var cookieValue = null;</span><br><span class="line">        <span class="keyword">if</span> (document.cookie &amp;&amp; document.cookie !== <span class="string">&#x27;&#x27;</span>) &#123;</span><br><span class="line">            var cookies = document.cookie.split(<span class="string">&#x27;;&#x27;</span>);</span><br><span class="line">            <span class="keyword">for</span> (var i = <span class="number">0</span>; i &lt; cookies.length; i++) &#123;</span><br><span class="line">                var cookie = jQuery.trim(cookies[i]);</span><br><span class="line">                // Does this cookie string begin <span class="keyword">with</span> the name we want?</span><br><span class="line">                <span class="keyword">if</span> (cookie.substring(<span class="number">0</span>, name.length + <span class="number">1</span>) === (name + <span class="string">&#x27;=&#x27;</span>)) &#123;</span><br><span class="line">                    cookieValue = decodeURIComponent(cookie.substring(name.length + <span class="number">1</span>));</span><br><span class="line">                    <span class="keyword">break</span>;</span><br><span class="line">                &#125;</span><br><span class="line">            &#125;</span><br><span class="line">        &#125;</span><br><span class="line">        <span class="keyword">return</span> cookieValue;</span><br><span class="line">    &#125;</span><br><span class="line">    var csrftoken = getCookie(<span class="string">&#x27;csrftoken&#x27;</span>);</span><br><span class="line"></span><br><span class="line"></span><br><span class="line">    function csrfSafeMethod(method) &#123;</span><br><span class="line">        // these HTTP methods do <span class="keyword">not</span> require CSRF protection</span><br><span class="line">        <span class="keyword">return</span> (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    $.ajaxSetup(&#123;</span><br><span class="line">        beforeSend: function (xhr, settings) &#123;</span><br><span class="line">            <span class="keyword">if</span> (!csrfSafeMethod(settings.<span class="built_in">type</span>) &amp;&amp; !this.crossDomain) &#123;</span><br><span class="line">                xhr.setRequestHeader(<span class="string">&quot;X-CSRFToken&quot;</span>, csrftoken);</span><br><span class="line">            &#125;</span><br><span class="line">        &#125;</span><br><span class="line">    &#125;);</span><br></pre></td></tr></table></figure>

<h2 id="五、csrf相关装饰器"><a href="#五、csrf相关装饰器" class="headerlink" title="五、csrf相关装饰器"></a>五、csrf相关装饰器</h2><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br></pre></td><td class="code"><pre><span class="line"><span class="string">&quot;&quot;&quot;</span></span><br><span class="line"><span class="string">1.网站整体都不校验csrf，就单单几个视图函数需要校验</span></span><br><span class="line"><span class="string">2.网站整体都校验csrf，就单单几个视图函数不校验</span></span><br><span class="line"><span class="string">&quot;&quot;&quot;</span></span><br><span class="line"><span class="keyword">from</span> django.views.decorators.csrf <span class="keyword">import</span> csrf_protect,csrf_exempt</span><br><span class="line"><span class="keyword">from</span> django.utils.decorators <span class="keyword">import</span> method_decorator</span><br><span class="line"><span class="string">&quot;&quot;&quot;</span></span><br><span class="line"><span class="string">csrf_protect  需要校验</span></span><br><span class="line"><span class="string">    针对csrf_protect符合我们之前所学的装饰器的三种玩法</span></span><br><span class="line"><span class="string">csrf_exempt   忽视校验</span></span><br><span class="line"><span class="string">    针对csrf_exempt只能给dispatch方法加才有效</span></span><br><span class="line"><span class="string">&quot;&quot;&quot;</span></span><br><span class="line"><span class="meta">@csrf_exempt</span></span><br><span class="line"><span class="meta">@csrf_protect</span></span><br><span class="line"><span class="function"><span class="keyword">def</span> <span class="title">transfer</span>(<span class="params">request</span>):</span></span><br><span class="line">    <span class="keyword">if</span> request.method == <span class="string">&#x27;POST&#x27;</span>:</span><br><span class="line">        username = request.POST.get(<span class="string">&#x27;username&#x27;</span>)</span><br><span class="line">        target_user = request.POST.get(<span class="string">&#x27;target_user&#x27;</span>)</span><br><span class="line">        money = request.POST.get(<span class="string">&#x27;money&#x27;</span>)</span><br><span class="line">        <span class="built_in">print</span>(<span class="string">&#x27;%s给%s转了%s元&#x27;</span>%(username,target_user,money))</span><br><span class="line">    <span class="keyword">return</span> render(request,<span class="string">&#x27;transfer.html&#x27;</span>)</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"></span><br><span class="line"><span class="keyword">from</span> django.views <span class="keyword">import</span> View</span><br><span class="line"></span><br><span class="line"><span class="meta">@method_decorator(<span class="params">csrf_protect,name=<span class="string">&#x27;post&#x27;</span></span>)  </span><span class="comment"># 针对csrf_protect 第二种方式可以</span></span><br><span class="line"><span class="meta">@method_decorator(<span class="params">csrf_exempt,name=<span class="string">&#x27;post&#x27;</span></span>)  </span><span class="comment"># 针对csrf_exempt 第二种方式不可以</span></span><br><span class="line"><span class="meta">@method_decorator(<span class="params">csrf_exempt,name=<span class="string">&#x27;dispatch&#x27;</span></span>)</span></span><br><span class="line"><span class="class"><span class="keyword">class</span> <span class="title">MyCsrfToken</span>(<span class="params">View</span>):</span></span><br><span class="line"><span class="meta">    @method_decorator(<span class="params">csrf_protect</span>)  </span><span class="comment"># 针对csrf_protect 第三种方式可以</span></span><br><span class="line"><span class="meta">    @method_decorator(<span class="params">csrf_exempt</span>)  </span><span class="comment"># 针对csrf_exempt 第三种方式可以</span></span><br><span class="line">    <span class="function"><span class="keyword">def</span> <span class="title">dispatch</span>(<span class="params">self, request, *args, **kwargs</span>):</span></span><br><span class="line">        <span class="keyword">return</span> <span class="built_in">super</span>(MyCsrfToken, self).dispatch(request,*args,**kwargs)</span><br><span class="line"></span><br><span class="line">    <span class="function"><span class="keyword">def</span> <span class="title">get</span>(<span class="params">self,request</span>):</span></span><br><span class="line">        <span class="keyword">return</span> HttpResponse(<span class="string">&#x27;get&#x27;</span>)</span><br><span class="line"></span><br><span class="line"><span class="meta">    @method_decorator(<span class="params">csrf_protect</span>)  </span><span class="comment"># 针对csrf_protect 第一种方式可以</span></span><br><span class="line"><span class="meta">    @method_decorator(<span class="params">csrf_exempt</span>)  </span><span class="comment"># 针对csrf_exempt 第一种方式不可以</span></span><br><span class="line">    <span class="function"><span class="keyword">def</span> <span class="title">post</span>(<span class="params">self,request</span>):</span></span><br><span class="line">        <span class="keyword">return</span> HttpResponse(<span class="string">&#x27;post&#x27;</span>)</span><br><span class="line"></span><br></pre></td></tr></table></figure>

<h2 id="六、补充知识点-importlib"><a href="#六、补充知识点-importlib" class="headerlink" title="六、补充知识点(importlib)"></a>六、补充知识点(importlib)</h2><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># 模块:importlib</span></span><br><span class="line"><span class="keyword">import</span> importlib</span><br><span class="line">res = <span class="string">&#x27;myfile.b&#x27;</span></span><br><span class="line">ret = importlib.import_module(res)  <span class="comment"># from myfile import b</span></span><br><span class="line"><span class="comment"># 该方法最小只能到py文件名</span></span><br><span class="line"><span class="built_in">print</span>(ret)</span><br></pre></td></tr></table></figure>

<h2 id="七、重要思想"><a href="#七、重要思想" class="headerlink" title="七、重要思想"></a>七、重要思想</h2><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">import</span> settings</span><br><span class="line"><span class="keyword">import</span> importlib</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"><span class="function"><span class="keyword">def</span> <span class="title">send_all</span>(<span class="params">content</span>):</span></span><br><span class="line">    <span class="keyword">for</span> path_str <span class="keyword">in</span> settings.NOTIFY_LIST:  <span class="comment">#&#x27;notify.email.Email&#x27;</span></span><br><span class="line">        module_path,class_name = path_str.rsplit(<span class="string">&#x27;.&#x27;</span>,maxsplit=<span class="number">1</span>)</span><br><span class="line">        <span class="comment"># module_path = &#x27;notify.email&#x27;  class_name = &#x27;Email&#x27;</span></span><br><span class="line">        <span class="comment"># 1 利用字符串导入模块</span></span><br><span class="line">        module = importlib.import_module(module_path)  <span class="comment"># from notify import email</span></span><br><span class="line">        <span class="comment"># 2 利用反射获取类名</span></span><br><span class="line">        cls = <span class="built_in">getattr</span>(module,class_name)  <span class="comment"># Email、QQ、Wechat</span></span><br><span class="line">        <span class="comment"># 3 生成类的对象</span></span><br><span class="line">        obj = cls()</span><br><span class="line">        <span class="comment"># 4 利用鸭子类型直接调用send方法</span></span><br><span class="line">        obj.send(content)</span><br></pre></td></tr></table></figure>


            </div>

            <!-- Post Comments -->
            
    <!-- 使用 DISQUS_CLICK -->
<div id="disqus-comment">
    <div id="disqus_thread"></div>

<!-- add animation -->
<style>
	.disqus_click_btn {
            line-height: 30px;
            margin: 0;
            min-width: 50px;
            padding: 0 14px;
            display: inline-block;
            font-family: "Roboto", "Helvetica", "Arial", sans-serif;
            font-size: 14px;
            font-weight: 400;
            text-transform: uppercase;
            letter-spacing: 0;
            overflow: hidden;
            will-change: box-shadow;
            transition: box-shadow .2s cubic-bezier(.4, 0, 1, 1), background-color .2s cubic-bezier(.4, 0, .2, 1), color .2s cubic-bezier(.4, 0, .2, 1);
            outline: 0;
            cursor: pointer;
            text-decoration: none;
            text-align: center;
            vertical-align: middle;
            border: 0;
            background: rgba(158, 158, 158, .2);
            box-shadow: 0 2px 2px 0 rgba(0, 0, 0, .14), 0 3px 1px -2px rgba(0, 0, 0, .2), 0 1px 5px 0 rgba(0, 0, 0, .12);
            color: #fff;
            background-color: #7EC0EE;
            text-shadow: 0
        }
</style>
	
<div class="btn_click_load" id="disqus_bt"> 
    <button class="disqus_click_btn">点击查看评论</button>
</div>

<!--
<script type="text/javascript">
$('.btn_click_load').click(function() {
    /* * * CONFIGURATION VARIABLES: EDIT BEFORE PASTING INTO YOUR WEBPAGE * * */
    var disqus_shortname = 'http-miccall-tech'; // required: replace example with your forum shortname

    /* * * DON'T EDIT BELOW THIS LINE * * */
    (function() {
      var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true;
      dsq.src = '//' + disqus_shortname + '.disqus.com/embed.js';
      (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq);
    })();

    document.getElementById('disqus_bt').style.display = "none";
});
</script>
-->
<script type="text/javascript">
    var disqus_config = function () {
        this.page.url = 'https://gitee.com/AmeX/amelin-ting.git/2018/05/06/Django------%E4%B8%AD%E9%97%B4%E4%BB%B6/';  // Replace PAGE_URL with your page's canonical URL variable
        this.page.identifier = 'https://gitee.com/AmeX/amelin-ting.git/2018/05/06/Django------%E4%B8%AD%E9%97%B4%E4%BB%B6/'; // Replace PAGE_IDENTIFIER with your page's unique identifier variable
    };
</script>

<script type="text/javascript">
    $('.btn_click_load').click(function() {  //click to load comments
        (function() { // DON'T EDIT BELOW THIS LINE
            var d = document;
            var s = d.createElement('script');
            s.src = '//http-miccall-tech.disqus.com/embed.js';
            s.setAttribute('data-timestamp', + new Date());
            (d.head || d.body).appendChild(s);
        })();
        $('.btn_click_load').css('display','none');
    });
</script>
</div>
<style>
    #disqus-comment{
        background-color: #eee;
        padding: 2pc;
    }
</style>


        </div>
        <!-- Copyright 版权 start -->
                <div id="copyright">
            <ul>
                <li>&copy;Powered By <a target="_blank" rel="noopener" href="https://hexo.io/zh-cn/" style="border-bottom: none;">hexo</a></li>
                <li>Design: <a target="_blank" rel="noopener" href="http://miccall.tech " style="border-bottom: none;">miccall</a></li>
            </ul>
            
                <span id="busuanzi_container_site_pv">本站总访问量<span id="busuanzi_value_site_pv"></span>次</span>
			
        </div>
    </div>
</body>



 	
</html>
